Microsoft patches record 200-plus vulnerabilities as AI accelerates bug discovery - SiliconANGLE

Microsoft patches record 200-plus vulnerabilities as AI accelerates bug discovery

Microsoft Corp. has patched more than 200 security vulnerabilities, the most the company has ever fixed in a single Patch Tuesday, as researchers say artificial intelligence bug-hunting is the reason the number keeps climbing.

The previous record was 175 fixes, set last October. This month’s batch carried 38 critical flaws and Microsoft shipped several of them only after the bugs were already public.

The worst of the bunch was CVE-2026-45657, a use-after-free flaw in the Windows kernel’s TCP/IP stack that scored 9.8 on the Common Vulnerability Scoring System scale. An attacker needed no credentials and no user interaction to exploit it. Microsoft says the bug is wormable on some networks. No public exploit had surfaced as of Wednesday.

Attackers were already exploiting two of the patched vulnerabilities before Tuesday. One is tracked as CVE-2026-42897 and hits the Outlook Web Access component of Exchange Server. CISA added it to its Known Exploited Vulnerabilities catalog in May. The other, CVE-2026-41091, let an attacker escalate privileges through Microsoft Defender. Microsoft shipped an emergency fix for it in May and a formal one this month.